This backend uses signing.dumps which writes the data using JSON, which difers from the other backends which do use pickle. The docs should point that out (eg you can put arbitrary data into the session) and probably also add a warning that the data is just signed and not encrypted…

I see we have docs about max cookie length, but I'm concerned that's not going to be enough to help users who run into that issue debug it. Can we raise a warning (that could be caught and logged) when users are sending a cookie larger than the standard accepted size? It should trigger if the length of name + value + one for the equals sign is > 4095 (IE has the lowest limit).

The warning might be best raised later on in the response. Since we're encouraging users to store lots of data in the cookie here, we should help them when they store too much.

I commented on #16182, but will go into more detail here. r16356 added 5 digits of precision to the signed timestamp so that this cookie backend can pass the cookie rotation test. Adding these extra bits to our already limited cookie length isn't necessary, and the test should be modified to work with single-second precision for this backend.

Unlike server-side session stores, when we rotate a cookie with this backend, we don't invalidate the previous one. In server side session stores, rotating a cookie should destroy access to the data server side, so we need to test that this rotation works immediately. In this backend, we can't invalidate previously signed cookies (other than letting them expire naturally). So requiring that setting a cookie then immediately rotating it produce a different cookie isn't meaningful.

We can either skip the test entirely, wait for one second to pass before trying the rotate function, or do something excessively clever to modify the time in-place. I'm in favor of skipping the test and reverting r16356.

Also Also (sorry for so many comments here), we're duplicating a lot of functionality. The string signer already does a bunch of the stuff that's in this module, albeit with JSON instead of pickle. Could we modify the signer to work with either JSON or pickle, and save ourselves a bunch of duplicated code? (e.g. the signer does a check to make sure the gzip is actually shorter, I don't see that here).

I commented on #16182, but will go into more detail here. r16356 added 5 digits of precision to the signed timestamp so that this cookie backend can pass the cookie rotation test. Adding these extra bits to our already limited cookie length isn't necessary, and the test should be modified to work with single-second precision for this backend.

Unlike server-side session stores, when we rotate a cookie with this backend, we don't invalidate the previous one. In server side session stores, rotating a cookie should destroy access to the data server side, so we need to test that this rotation works immediately. In this backend, we can't invalidate previously signed cookies (other than letting them expire naturally). So requiring that setting a cookie then immediately rotating it produce a different cookie isn't meaningful.

This does indeed make sense to me, at least more than r16356 made when I saw it. I'm +1 on reverting it back, although Andrew needs to be informed first.

We can either skip the test entirely, wait for one second to pass before trying the rotate function, or do something excessively clever to modify the time in-place. I'm in favor of skipping the test and reverting r16356.

Also Also (sorry for so many comments here), we're duplicating a lot of functionality. The string signer already does a bunch of the stuff that's in this module, albeit with JSON instead of pickle. Could we modify the signer to work with either JSON or pickle, and save ourselves a bunch of duplicated code? (e.g. the signer does a check to make sure the gzip is actually shorter, I don't see that here).

Yeah, full agreement here, it felt wrong when I moved it over to using pickle yesterday and wouldn't mind having a small abstraction (or additional argument) for the loads/dumps functions.